Network Quiz

IS YOUR NETWORK HEALTHY?

Take our eye-opening quiz, and find out what may be leaving your organization at risk.

True or False?…

“You can securely send PHI through free Gmail email accounts.”

FALSE

The HIPAA Omnibus Rule expands the definition of HIPAA Business Associates to cloud providers. Some of these cloud providers include Google, Yahoo, AOL, Amazon, Microsoft (and Dropbox – see below). As HIPAA Business Associates, cloud providers are required to sign Business Associate Agreements (BAA) with Covered Entities. Unfortunately, Yahoo, AOL and Dropbox will not sign a BAA. Google will sign a BAA if you use the paid Google Apps service. So if a practice uses free Gmail, Yahoo or AOL for email, any PHI stored in email on these services would be a HIPAA violation. (Source: HIPAA Secure Now)

“Multiple users should log in to access PHI using one shared password.”

FALSE

Anyone that accesses PHI must use a unique user identification. User accounts and passwords should not be shared.

(Source: HIPAA Secure Now)

“HIPAA Security Rule requires periodic review of audit logs for all site information systems that contain or use EPHI.”

TRUE

There are more and more stories of hackers or employees accessing PHI inappropriately or stealing PHI and using it for illegal activity. Without reviewing audit logs of access to PHI, many organizations might not even realize that PHI is being accessed inappropriately. The HIPAA Security Rule requires periodic review of audit logs.

“Employees only need to be trained once on HIPAA Security Policies and Procedures.”

FALSE

The HIPAA Security Rule requires that all employees receive security training on how to protect PHI. Organizations must also provide retraining and security reminders to ensure employees continue to understand the risk to PHI and how to protect it. Looked at another way, training is not “one and done”! Organizations must continue to train and retrain employees. Training employees on HIPAA security is one of the best ways to protect PHI.

“It is ok for PHI to be stored or shared on Dropbox.”

FALSE

Dropbox is simple, easy to use and convenient. It makes backing up and sharing data very easy. Unfortunately, Dropbox is NOT HIPAA compliant. So use Dropbox for personal use, but do not store Protected Health Information (PHI) on Dropbox.

(Source: HIPAA Secure Now)

Company Profile

Netrepid provides colocation, infrastructure and application hosting services that work side by side with a large variety of industries, including healthcare, financial, education, and government, to accelerate their technology evolution from the ground to the cloud. Netrepid is a Service-Disabled Veteran-Owned company.